China

China

On this topic page, you can find the IAPP’s collection of coverage, analysis and resources related to privacy in China. The IAPP Resource Center also includes an “Asia” topic page, which can be accessed here.

Subscribe to the IAPP Asia-Pacific Dashboard Digest e-newsletter
Keep up to date with the most important privacy and data protection news from Asia and Australia-New Zealand by subscribing to the Asia-Pacific Dashboard Digest e-newsletter.

Featured Resources

Top-5 Operational Impacts of the PIPL

This 5-part series is written by a host of experts on Chinese law. It explores the most important features of China’s PIPL, from requirements around sensitive personal information, data subject rights, and international data transfers, to the bases for handling data, DPO responsibilities, and enforcement mechanisms and penalties.
Read More

China’s PIPL takes effect

China’s Personal Information Protection Law is now in effect, just over two months since its adoption, with companies seeking to figure out how to best comply and regulators working to answer remaining questions.
Read More

China’s PIPL — What You Need to do Now

Do you have Chinese visitors to your website, Chinese employees or subcontractors, do you buy from China and have information on people in China? Then you need to know more.
Read More


Latest News and Resources

Top 5 operational impacts of China's PIPL — Part 5: International data transfers

China’s Personal Information Protection Law, which is still in the process of being fleshed out through implementing regulations and official guidance, provides a regulatory framework that governs the cross-border transfer of personal information. This article focuses on PIPL and the transfer mechanisms it proposes to safeguard personal information transferred out of China. Note that the PIPL is only one piece in the patchwork of Chinese legislation that addresses cross-border data transfers, a... Read More

Top 5 operational impacts of China’s PIPL — Part 4: Penalties and enforcement mechanisms

The Personal Information Protection Law is the first law dedicated to protecting personal information in China, provides comprehensive penalty and enforcement mechanisms, including administrative penalties, private actions, public interest actions (China’s equivalent of class actions), public security administration, and criminal penalties. Every individual or organization that acts as a data handler, including state organizations as stipulated in Article 33, will be subject to the enforcement o... Read More

Top 5 operational impacts of China's PIPL: Part 3 — Personal information protection officer

China's Personal Information Protection Law introduces the position of "personal information protection officer" — akin to the data protection officer role under the EU General Data Protection Regulation. When the amount of personal information processed by an organization reaches the threshold specified by the national cybersecurity administration authority, it is mandatory to appoint a PIPO to supervise the processing activities and protective measures implemented.  Definition of personal inf... Read More

Top-5 operational impacts of China’s PIPL: Part 2 — Obligations and rights

The Personal Information Protection Law of the People’s Republic China entered into force Nov. 1, 2021. As the first comprehensive personal data law of China, the PIPL imposes a number of legal obligations on businesses in relation to the collection, processing, provision, transfer, deletion and destruction of personal data. Obligations of 'PIPs' under PIPL Under the PIPL, personal information processor is the primary obligor in handling personal information. A PIP refers to an organization or... Read More

Top-5 operational impacts of China's PIPL: Part 1 — Scope, key definitions and lawful handling of personal information

In this five-part series, we examine several facets of the Personal Information Protection Law of the People’s Republic of China, which came into force Nov. 1, after two rounds of public consultation. The drafting of the PIPL was heavily influenced by the EU General Data Protection Regulation, and follows GDPR closely in many areas. However, it has distinct features, scope and exclusions that global companies need to understand. A key threshold distinction between the GDPR and the PIPL relates... Read More

Demystifying Data Localization in China: A Practical Guide
(Future of Privacy Forum, February 2022)
China bans apps over PIPL, DSL violations
(IAPP, December 2021)
China publishes draft data security regulations
(IAPP, November 2021)
China’s central bank to crack down on fintech and protect privacy
(IAPP, November 2021)
China’s draft algorithm regulations: A first for consumer privacy
(IAPP, October 2021)
China’s key enforcement agencies and lessons learned from recent actions
(IAPP, August 2021)
LinkedIn Live: “Understanding China’s New Personal Information Protection Law”
(IAPP, August 2021)
Analyzing China’s PIPL and how it compares to the EU’s GDPR
(IAPP, August 2021)
LinkedIn Live: “Introducing China’s New Privacy Law: PIPL”
(IAPP, August 2021)
China adopts national privacy law
(IAPP, August 2021)
China rolls out guidance on IoT security standards
(IAPP, October 2021)
China clamps down on cryptocurrency transactions
(IAPP, September 2021)
Shanghai sets up data exchange to improve manufacturing efficiency
(IAPP, September 2021)
CAC unveils draft regulations on ‘algorithmic recommendations’
(IAPP, August 2021)
Draft PIPL submitted for deliberation
(IAPP, August 2021)
China signals clamp down on privacy, AI and big data through 2025
(IAPP, August 2021)
NPC to consider final passage of China’s PIPL
(IAPP, July 2021)
Shenzhen passes China’s first local data law
(IAPP, July 2021)
How a smart city challenge highlights China’s AI success
(IAPP, July 2021)
The future of data localization and cross-border transfer in China: a unified framework or a patchwork of requirements?
(IAPP, June 2021)
Inside China’s efforts to regulate tech companies’ data
(IAPP, June 2021)
China passes data security law
(IAPP, June 2021)
China, India could finalize privacy legislation by year’s end
(IAPP, April 2021)
Hangzhou court makes final ruling in China’s first facial recognition lawsuit
(IAPP, April 2021)
Privacy Updates in China and India: 2 Giants Legislating Data Protection
(IAPP, April 2021)
China’s central bank seeks to allay digital currency privacy concerns
(IAPP, March 2021)
Chinese government issues new data collection rules
(IAPP, March 2021)
China launches vaccine passport for domestic travelers
(IAPP, March 2021)
The road ahead for China’s draft privacy bill: What we can learn from public comments
(IAPP, January 2021)
China’s Civil Code now in effect
(IAPP, January 2021)
LinkedIn Live: ‘Privacy Around the Globe: China’
(IAPP, December 2020)
A look at the extraterritorial applicability of China’s newly issued PIPL: A comparison to the EU’s GDPR
(IAPP, November 2020)
A look at China’s draft of Personal Data Protection Law
(IAPP, October 2020)
China rolls out global data security plan
(IAPP, September 2020)
Leak exposes Chinese minority surveillance
(IAPP, August 2020)
Beijing Internet Court rules against social media sites in user data cases
(IAPP, August 2020)
Federal case against TikTok claims children’s data sent to China
(IAPP, August 2020)
Chinese Parliament considers privacy law as annual meeting begins
(IAPP, May 2020)
Chinese facial-recognition tech works past masks
(IAPP, March 2020)
Report: Software used during coronavirus outbreak shares personal data with police
(IAPP, March 2020)
Coronavirus ramps up Chinese data collection
(IAPP, February 2020)
China likely to regulate apps more stringently in 2020
(IAPP, February 2020)
Chinese regulators issue rules to prevent illegal collection and use of app users’ data
(IAPP, January 2020)
China uses DNA to create human facial images
(IAPP, December 2019)
China has released its version of COPPA
(IAPP, October 2019)
Web Conference: Changing Needs, Changing Laws: The Origin and Impact of China’s PIPL
(IAPP, August 2019)
Taiwanese university students’ smartphone use and the privacy paradox
(Taiwan, July 2019)
Web Conference: Data Protection Legal Update: Hong Kong and China
(IAPP, October 2016)
View More Resources

PIPL Law and Resources

On August 20, 2021, the top legislative body in the People’s Republic of China, the Standing Committee of the National People’s Congress, passed the Personal Information Protection Law. The law went into effect Nov. 1, 2021. This English translation of the law is published by the Stanford DigiChina Cyber Policy Center.

China adopts national privacy law

The top legislative body in the People's Republic of China voted Friday to adopt a new national privacy law. The Standing Committee of the National People's Congress passed the Personal Information Protection Law at a meeting in Beijing, according to the nation's state-operated Xinhua News Agency. The sweeping law will take effect Nov. 1. With the move, the PRC joins three of the world's top four economies with an omnibus privacy law, leaving the U.S. as the only nation in the top four without ... Read More